Re: WebISO: the killer kerberos app?

2004-03-08 Thread Wyllys Ingersoll
On Thu, 2004-03-04 at 20:43, Russ Allbery wrote: Christopher Kranz [EMAIL PROTECTED] writes: It occurred to me that if you think of the web client as the credentials cache Kerberos could easily be used as a WebISO solution. The web client connects to the web app. If you don't already

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Russ Allbery
Wyllys Ingersoll [EMAIL PROTECTED] writes: Isn't this very similar to the what Passport and Project Liberty propose to use? Basically, its a variation of the secure cookie scheme. Netegrity does something similar as well. Right. Is there a comparison anywhere between webauthv3 and the

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Wyllys Ingersoll
One thing I dislike about webauth is that it is using raw KRB5 as opposed to the more portable and extensible GSSAPI interface. Why was GSSAPI not chosen? WebAuth only uses Kerberos v5 in one particular place, namely the bootstrap for an application server. Note that any

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Russ Allbery
Wyllys Ingersoll [EMAIL PROTECTED] writes: Writing new code is the barrier that will prevent it from going much beyond the experimental stage unless it is adopted by a mainstream browser (mozilla) and web server (apache). What makes you think that WebAuth hasn't gone beyond the experimental

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Wyllys Ingersoll
On Mon, 2004-03-08 at 14:21, Russ Allbery wrote: Wyllys Ingersoll [EMAIL PROTECTED] writes: Writing new code is the barrier that will prevent it from going much beyond the experimental stage unless it is adopted by a mainstream browser (mozilla) and web server (apache). What makes you

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Ken Hornstein
What makes you think that WebAuth hasn't gone beyond the experimental stage? I guess I chose the wrong words there. Basically, I just meant moving it beyond Stanford and into the mainstream. I did not mean to marginalize your efforts. Actually ... judging by the people who want some form

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Russ Allbery
kevin mcgowan [EMAIL PROTECTED] writes: With kx.509, users have the power to never send their Kerberos password over the network -- translating desktop single sign-on to the web. Cosign uses no domain cookies, allows users to logout of all cosign protected services, is capable of transferring

Re: WebISO: the killer kerberos app?

2004-03-08 Thread Henry B. Hotz
There's also kx509. At 12:00 PM -0500 3/8/04, [EMAIL PROTECTED] wrote: Date: Mon, 08 Mar 2004 08:38:05 -0500 From: Wyllys Ingersoll [EMAIL PROTECTED] To: Russ Allbery [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: WebISO: the killer kerberos app? Message-ID: [EMAIL PROTECTED] In-Reply-To: